Weeks after the scam surfaced in January 2018, the central bank, in a confidential advisory to CEOs of all banks, directed them to put in place a slew of measures to curb such frauds. But now, having discovered that many banks are yet to fully implement the measures, the regulator has asked them to explain the delay.
In PNB, the fraud went on for years undetected as the bank’s SWIFT system was not integrated to its core banking system (CBS). A handful of officials used the SWIFT network to issue unauthorised letters of undertaking (LoUs) — a quasi-guarantee from the bank — to raise finance abroad. Old LoUs were rolled over with new LoUs of higher amounts till the music stopped.
In the showcause letters issued in August-end, RBI has pointed out the lapses in close to 25 banks, said two bankers.
“There is a degree of paranoia. I believe banks have been told to follow a two-step authentication for large value transaction. Some of these measures may slow down a bank. But that’s the price you pay after a scam,” said a person familiar with the matter.
The basic instructions to banks were: first, immediately ensure that no SWIFT message, creating funded or non-funded exposure to banks, is sent without first ensuring that the underlying transaction has been duly reflected in the CBS/accounting system; second, put in place straightthrough processing between CBS/accounting system and SWIFT messaging system by April 30, 2018.
Along with this a detailed timeline was issued to banks for implementation of 20-odd controls related to SWIFT and Nostro accounts. Among other things, RBI directed banks that all their corporate customers shall have their fund and non-fund based limits set and monitored centrally by bank’s risk management division which would check the limit utilisation every week.
Banks were told to put in place a system to generate alerts on breach of any control limits as well as any other unusual feature in the transactions; and, audit SWIFT/Nostro transactions for any anomaly by sourcing the data in raw form from the originating system. Also, the lenders have to undertake reconciliation of payment messages every one or two hours by comparing the outward messages with SWIFT confirmation.
Some of the measures had to be implemented with immediate effect while the rest had to be put in place between March and June-end. Besides a review of systems, another immediate impact of the scam was a ban on LoUs which had emerged as an easy and inexpensive tool to finance trade.
LoU volumes had surged in the past 7-8 years following an easy money policy by the US Federal Reserve. LoU was an arrangement where the importer’s bank issued a guarantee to borrow from an overseas bank (which could be the foreign branch of an Indian bank) to pay off the bank that funds the overseas supplier; the understanding was that the local bank issuing LoU would recover the amount from the importer to repay the overseas bank. Bankers said RBI is unlikely to bring back LoUs in a hurry.